Network Security Warning ..... How to Protect Yourself On The Internet

[TweakHound]

Nice find! Please submit this to the news section so I can validate it.

[Cogar]

Quote:

Originally Posted by TweakHound

Nice find! Please submit this to the news section so I can validate it.

You got it!

[giga_dude]

hmm...if anyone is looking for a good wireless-g router with SPI etc check out the Linksys WRT54GS ( $69 after mail-ins)

http://www.newegg.com/app/ViewProduc...124-136&depa=0


Its been pretty good so far but I've only had it for 2 weeks now..

[KingTermite]

How to think like a hacker - Scott Culp's 10 Immutable Laws of Security

Back in the year 2000 Scott Culp published a paper outlining the 10 Immutable Laws of Security. I've restated them here to be concise but strongly encourage you to read the original article as it develops each law to discuss each in turn.

If you're new to information security and would like to put everything in context then Scott's paper will help. In addition remember that information security is all about risk measurement, mitigation together with policy, process and people - security policy must support the requirements of the business whilst mitigating the risks to a level that the company are comfortable with.

Policy and processes must be constantly reviewed and updated to ensure compliance with the requirements and operation of the business. People outside the security team must be involved with and buy into the security of information otherwise they are likely to take shortcuts.

Security Policy must be realistic - users can be encouraged to comply with reasonable security policy and associated guidelines - if they think "the policy's stupid" then they are far less likely to follow it. Security policies must "have teeth" to make it clear to users that failure to comply will result in consequences.

Here are the 10 Immutable Laws of Security:

Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore



Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore



Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore



Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more



Law #5: Weak passwords trump strong security



Law #6: A computer is only as secure as the administrator is trustworthy



Law #7: Encrypted data is only as secure as the decryption key



Law #8: An out of date virus scanner is only marginally better than no virus scanner at all



Law #9: Absolute anonymity isn't practical, in real life or on the Web



Law #10: Technology is not a panacea





Taken from < here > !

[PCBruiser]

FYI, a lot of the info in this thread has been update, corrected, consolidated and expanded. It all appears in the Securing Windows XP paper that Tweakhound and I co-authored. You can find that in the Reviews Forum. It might be easier for you then going through this long thread, although there is more product specific info here than in the paper.

[Cogar]

That is a great article KT. It is even simple enough that I can understand it.

[PCBruiser]

To make this thread easier to find, I have restuck it for the time being. I had unstuck it after Tweakhound and I posted our paper because that is more definitive on the subject then this thread.

[pointreyes]

Quote:

Originally Posted by KingTermite

How to think like a hacker - Scott Culp's 10 Immutable Laws of Security

Great article and this could very well be my next career move. However, I already think like a hacker, it's thinking like a cracker that is important to me.

Thanks for finding this article.

[wayne_abx]

Quote:

Originally Posted by giga_dude

hmm...if anyone is looking for a good wireless-g router with SPI etc check out the Linksys WRT54GS ( $69 after mail-ins)

http://www.newegg.com/app/ViewProduc...124-136&depa=0


Its been pretty good so far but I've only had it for 2 weeks now..

Yap, It is what I use w/WPA and OSS firmware thus I use third party firmware Up Time: 100 days, 20:22:18 since my last boot and that was because of a firmware upgrade.

-wayne

[Shadow_419]

I've just succesfully stealthed my router
It took a little while to figure out how to stealth port 113 but the tips at shields up and this thread were great. Thanks again to PCB, Tweakhound, and all the other members who left thier input

[giga_dude]

Quote:

Originally Posted by wayne

Yap, It is what I use w/WPA and OSS firmware thus I use third party firmware Up Time: 100 days, 20:22:18 since my last boot and that was because of a firmware upgrade.

-wayne

What firmware do you use? The Sveasoft one or?

[wayne_abx]

Quote:

Originally Posted by giga_dude

What firmware do you use? The Sveasoft one or?

I have used Sveasoft, currenty using HyperWRT Sveasoft "Alchemy" is still in beta though there is others out there such as DD-WRt

I like both Sveasoft and HyperWRT they both bring different venues to the table though Sveasoft charges $20usd

-wayne

[giga_dude]

do you have a linkie by any chance?

This is the one that I found: http://www.hyperdrive.be/hyperwrt/

[wayne_abx]

DD-WRt

Alchemy is still beta and not released yet, DD-WRt is bassed on Alchemy

WARNING:
if you don't need the extra features and have no issue with linksys supplied Firmware, then I see no need to use a third party firmware since it is NOT supported by Linksys, if you choose to go ahead and use a third party firmware then be sure to back up the good working firmware that is already in the router by using the router's built-in backup feature.
CAUTION: DON"T flash the routers firmware by wireless means!

-wayne

[giga_dude]

Quote:

Originally Posted by wayne

DD-WRt

Alchemy is still beta and not released yet, DD-WRt is bassed on Alchemy

WARNING:
if you don't need the extra features and have no issue with linksys supplied Firmware, then I see no need to use a third party firmware since it is NOT supported by Linksys, if you choose to go ahead and use a third party firmware then be sure to back up the good working firmware that is already in the router by using the router's built-in backup feature.
CAUTION: DON"T flash the routers firmware by wireless means!

-wayne

No problem wayne. I'm merely looking into the bonus features that could be gained by using 3rd party firmware. The only issues I have right now is speed....so Im just looking to see if I can upgrade the firmware & achieve moderate gains....